论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2008-06-26 16:32 |只看该作者 |倒序浏览

怎样让iptables防火墙后的qmail来向外发送信件？
都需要添加那些规则？
我的要求是 INPUT OUTPUT FORWARD都DROP掉。需要增加那些规则链接！
qmail是与SQL相连的。
我现在的情况是：
不启动iptables防火墙时可以任意的收发邮件。但是我配置了防火墙后就不能向外网发送信件了，内部的可以收发。
以下是我的iptables规则表：
[root@webserver /]# iptables -L
Chain INPUT (policy DROP)
target    prot opt source             destination
ACCEPT    udp  --  anywhere          anywhere          udp spt:domain
ACCEPT    udp  --  anywhere          anywhere          udp dpt:domain
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:mysql
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:8009
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:8005
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:8009
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:8005
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:http
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:sunrpc
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:5084
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:32769
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:10088
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:mysql
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:pop3s
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:pop3
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:smtp
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:ftp-data
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:ftp
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target    prot opt source             destination
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:smtp
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:pop3
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:pop3
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:smtp
ACCEPT    udp  --  anywhere          anywhere          udp spt:domain
ACCEPT    udp  --  anywhere          anywhere          udp dpt:domain
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:ssh

Chain OUTPUT (policy ACCEPT)
target    prot opt source             destination
ACCEPT    udp  --  anywhere          anywhere          udp dpt:domain
ACCEPT    udp  --  anywhere          anywhere          udp spt:domain
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:10088
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:pop3s
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:sunrpc
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:pop3
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:smtp
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:smtp
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:pop3s
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:pop3
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:sunrpc
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:mysql
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:8005
ACCEPT    tcp  --  anywhere          anywhere          tcp dpt:8009
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:8009
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:8005
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:mysql
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:http
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:webcache
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:ftp
ACCEPT    tcp  --  anywhere          anywhere          tcp spt:ssh
希望那位大侠知道在下！在下感激不敬！